2407332 – (CVE-2025-40097) CVE-2025-40097 kernel: ALSA: hda: Fix missing pointer check in hda_component_manager_init function

Bug 2407332 (CVE-2025-40097) - CVE-2025-40097 kernel: ALSA: hda: Fix missing pointer check in hda_component_manager_init function

Summary: CVE-2025-40097 kernel: ALSA: hda: Fix missing pointer check in hda_component_...

Keywords:
Status:	NEW
Alias:	CVE-2025-40097
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-30 10:01 UTC by OSIDB Bzimport
Modified:	2025-11-26 13:26 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-30 10:01:57 UTC

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix missing pointer check in hda_component_manager_init function

The __component_match_add function may assign the 'matchptr' pointer
the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced.

The call stack leading to the error looks like this:

hda_component_manager_init
|-> component_match_add
    |-> component_match_add_release
        |-> __component_match_add ( ... ,**matchptr, ... )
            |-> *matchptr = ERR_PTR(-ENOMEM);       // assign
|-> component_master_add_with_match( ...  match)
    |-> component_match_realloc(match, match->num); // dereference

Add IS_ERR() check to prevent the crash.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Comment 1 Jon Moroney 2025-10-30 16:44:16 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40097-7676@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.